Cryptology ePrint Archive: Report 2016/349

Note on Impossible Differential Attacks

Patrick Derbez

Abstract: While impossible differential cryptanalysis is a well-known and popular cryptanalytic method, errors in the analysis are often discovered and many papers in the literature present flaws. Wishing to solve that, Boura \textit{et al.} presented at ASIACRYPT'14 a generic vision of impossible differential attacks with the aim of simplifying and helping the construction and verification of this type of cryptanalysis. In particular, they gave generic complexity analysis formulas for mounting such attacks and develop new ideas for optimizing them. In this paper we carefully study this generic formula and show impossible differential attacks for which the real time complexity is much higher than estimated by it. In particular, we show that the impossible differential attack against 25-round TWINE-128, presented at FSE'15 by Biryukov \textit{et al.}, actually has a complexity higher than the natural bound of exhaustive search.

Category / Keywords: secret-key cryptography / truncated impossible differential, cryptanalysis, block cipher, TWINE, complexity

Original Publication (in the same form): IACR-FSE-2016

Date: received 1 Apr 2016

Contact author: patrick derbez at irisa fr

Available format(s): PDF | BibTeX Citation

Version: 20160401:171058 (All versions of this report)

Short URL:

Discussion forum: Show discussion | Start new discussion

[ Cryptology ePrint archive ]